AWS Certified Security – Specialty (SCS-C02) Exam Guide

The **AWS Security Specialty** certification validates your expertise in securing data and workloads in the AWS cloud. It covers IAM, data protection, incident response, and monitoring in depth.

Which AWS service manages secrets and allows for automatic rotation?

Answer: AWS Secrets Manager.

It provides native rotation for RDS and Redshift, and can integrate with Lambda for other secrets.

What is the primary function of AWS Shield?

Answer: Protection against DDoS (Distributed Denial of Service) attacks.

Shield Standard provides basic protection, while Shield Advanced offers proactive monitoring and cost protection.

Which tool audits AWS resource compliance against defined rules?

Answer: AWS Config.

It tracks configuration changes and evaluates them using Config Rules.

What is an AWS Organizations SCP (Service Control Policy)?

Answer: A policy that sets maximum permissions for accounts within an organization.

SCPs are used as security guardrails to limit what IAM users and roles can do, even with Admin access.

Which service centralizes and normalizes security logs from multiple sources?

Answer: Amazon Security Lake.

It aggregates logs such as CloudTrail and VPC Flow Logs into a centralized data lake in OCSF format.
